In a coup for privacy advocates, strong end-to-end encryption is coming to WhatsApp, a cross-platform instant messaging app with more than 500 million installations on the Android platform alone.
Until now, most popular messaging apps for smartphones have offered woefully inadequate protections against eavesdropping. WhatsApp, which Facebook recently acquired for $19 billion, has itself been criticized for a series of crypto blunders only spooks in the National Security Agency would love. Most other mobile apps haven’t done much better, as a recent scorecard of 39 apps compiled by the Electronic Frontier Foundation attests. Many fail to implement perfect forward secrecy, which uses a different key for each message or session to ensure that an adversary who intercepts a key can’t use it to decrypt old messages. The notable exception among popular messaging apps is Apple’s iMessage, but it’s not available for Android handsets.
Enter Moxie Marlinspike, the highly regarded security researcher and principal developer of TextSecure, an SMS app for Android. Over the past three years, his team at Open Whisper Systems has developed an open encryption protocol for asynchronous messaging systems. The term asynchronous means that the endpoints don’t need to wait for a message from a server or other party to function properly. That’s what allows one person to send a burst of a dozen messages while the other remains idle. Implementing strong end-to-end crypto on such systems is especially challenging, particularly when it comes to devising a way to implement forward secrecy. But as Ars reported last year, TextSecure devised a clever technique for doing just that.